capabilities.md

  1---
  2title: Extension Capabilities
  3description: "Extension Capabilities for Zed extensions."
  4---
  5
  6# Extension Capabilities
  7
  8The operations that Zed extensions are able to perform are governed by a capability system.
  9
 10## Restricting capabilities
 11
 12As a user, you have the option of restricting the capabilities that are granted to extensions.
 13
 14This is controlled via the `granted_extension_capabilities` setting.
 15
 16Restricting or removing a capability will cause an error to be returned when an extension attempts to call the corresponding extension API without sufficient capabilities.
 17
 18For example, to restrict downloads to files from GitHub, set `host` for the `download_file` capability:
 19
 20```diff
 21{
 22  "granted_extension_capabilities": [
 23    { "kind": "process:exec", "command": "*", "args": ["**"] },
 24-   { "kind": "download_file", "host": "*", "path": ["**"] },
 25+   { "kind": "download_file", "host": "github.com", "path": ["**"] },
 26    { "kind": "npm:install", "package": "*" }
 27  ]
 28}
 29```
 30
 31If you don't want extensions to be able to perform _any_ capabilities, you can remove all granted capabilities:
 32
 33```json
 34{
 35  "granted_extension_capabilities": []
 36}
 37```
 38
 39> Note that this will likely make many extensions non-functional, at least in their default configuration.
 40
 41## Capabilities
 42
 43### `process:exec`
 44
 45The `process:exec` capability grants extensions the ability to invoke commands using [`zed_extension_api::process::Command`](https://docs.rs/zed_extension_api/latest/zed_extension_api/process/struct.Command.html).
 46
 47#### Examples
 48
 49To allow any command to be executed with any arguments:
 50
 51```toml
 52{ kind = "process:exec", command = "*", args = ["**"] }
 53```
 54
 55To allow a specific command (e.g., `gem`) to be executed with any arguments:
 56
 57```toml
 58{ kind = "process:exec", command = "gem", args = ["**"] }
 59```
 60
 61### `download_file`
 62
 63The `download_file` capability grants extensions the ability to download files using [`zed_extension_api::download_file`](https://docs.rs/zed_extension_api/latest/zed_extension_api/fn.download_file.html).
 64
 65#### Examples
 66
 67To allow any file to be downloaded:
 68
 69```toml
 70{ kind = "download_file", host = "*", path = ["**"] }
 71```
 72
 73To allow any file to be downloaded from `github.com`:
 74
 75```toml
 76{ kind = "download_file", host = "github.com", path = ["**"] }
 77```
 78
 79To allow any file to be downloaded from a specific GitHub repository:
 80
 81```toml
 82{ kind = "download_file", host = "github.com", path = ["zed-industries", "zed", "**"] }
 83```
 84
 85### `npm:install`
 86
 87The `npm:install` capability grants extensions the ability to install npm packages using [`zed_extension_api::npm_install_package`](https://docs.rs/zed_extension_api/latest/zed_extension_api/fn.npm_install_package.html).
 88
 89#### Examples
 90
 91To allow any npm package to be installed:
 92
 93```toml
 94{ kind = "npm:install", package = "*" }
 95```
 96
 97To allow a specific npm package (e.g., `typescript`) to be installed:
 98
 99```toml
100{ kind = "npm:install", package = "typescript" }
101```